Overview

overview

10

Static

static

1

test.bat

windows7-x64

1

test.bat

windows10-2004-x64

10

Resubmissions

23-05-2023 13:55

230523-q8krnsfe54 3

23-05-2023 13:40

230523-qyzg3sgd21 8

23-05-2023 13:38

230523-qxc8fsgd2w 8

23-05-2023 12:40

230523-pwbskafc46 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    test.bat

  • Size

    370B

  • Sample

    230523-pwbskafc46

  • MD5

    1157be1803e2f740eec3a0c69aa44625

  • SHA1

    5963efa7895a6748e74f0aeb94a3b3856787b8c5

  • SHA256

    42c77f89ea1a298098ecf3e8939f6c5ccd005742d0482047ee26fbf56728c684

  • SHA512

    04d698560789eb87f9fdbc32468557d05655558d289749f263fba4cdeb26b1cf83c214c316d60184856a935a9da757a62c361ca8e41804b59606a068a18f3899

Score
10/10
evasionransomware

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
ps1.dropper

https://raw.githubusercontent.com/SteavenToolBox/Windows/main/Scripts/runtime.ps1

Targets

    • Target

      test.bat

    • Size

      370B

    • MD5

      1157be1803e2f740eec3a0c69aa44625

    • SHA1

      5963efa7895a6748e74f0aeb94a3b3856787b8c5

    • SHA256

      42c77f89ea1a298098ecf3e8939f6c5ccd005742d0482047ee26fbf56728c684

    • SHA512

      04d698560789eb87f9fdbc32468557d05655558d289749f263fba4cdeb26b1cf83c214c316d60184856a935a9da757a62c361ca8e41804b59606a068a18f3899

    Score
    10/10
    evasionransomware

    • Modifies boot configuration data using bcdedit

      ransomwareevasion

    • Blocklisted process makes network request

    • Stops running service(s)

      evasion

    • Executes dropped EXE

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks